Server computer for financial data transaction in e-commerce, stores data
packet until computer selected by data processor, is ready to receive 
client packet 

Patent Assignee: INTEL CORP (ITLC)
US 6681327 B1 12 H04L-009/00 CIP of application US 9854304

Provisional application US 99133451 

Abstract (Basic): US 6681327 B1

NOVELTY - A data processor connected to a data interface, is 
programmed to access data packet received from the computer, and 
decrypts the contents of the data packets. The processor selects the 
computer in which the data packet is transmitted. A data storage stores 
the packet until the selected computer is ready to receive client
packet.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(1) electronic requests managing system;

(2) electronic requests managing method;

(3) communication method; and 

(4) communication system. 

USE - Server computer for data communication and financial data
transaction in e-commerce application over network such as Internet,
secure socket layer (SSL) and Internet protocol security (IPSec).

ADVANTAGE - The client session is recovered and completed without 
conveying any of the service difficulties encountered by the entity 
providing service to the client, thus maintaining high customer 
perception of the entity. 

DESCRIPTION OF DRAWING(S) - The figure shows a flowchart explaining
the server operation. 
Abstract (Basic): WO 200288969 A1

NOVELTY - Buffering access requests by their timing cycles allows 
low latency access to small blocks of discontinuous data stored in a 
high density storage device. The buffer may have a number of sections 
serving different memory banks. The system recognizes when different 
access requests are directed to different memory banks and prioritizes 
them to reduce overlap and reduce total access time. Read and write 
accesses and bank switches can be grouped from the buffers. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for 

(a) a networking system includes a high density storage device with 
a controlling prioritizing memory access requests on the basis of their 
timing cycles 

(b) a memory request handling method 

(c) and a networking system having network interface devices and
network processing engines configured to encrypt and decrypt
information passing between networking connections and RAM devices with
Internet Protocol Security

USE - Memory systems for data processing systems. 

ADVANTAGE - Uses high-density RAM storage devices to provide low 
latency access over the full memory address space to small blocks of 
discontinuous data. 
Abstract (Basic): US 20020104020 A1

NOVELTY - The Internet protocol security (IPsec) traffic is
decrypted at secondary location to determine its classification
parameter, if the classification parameter for the IPsec traffic is
not available at a primary location. The IPsec traffic is forwarded
based on the determined classification parameter.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for: 

(1) Internet protocol security traffic processing system; and 

(2) Article comprising machine-readable medium storing program for 
processing Internet protocol security traffic. 

USE - For processing Internet protocol security (IPsec)
traffic.

ADVANTAGE - The traffic is efficiently classified and transmitted 
to and/or from the network. 

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram of
the network configuration. 
Computer network packet process method, involves performing cryptographic
process on transferred network packets having high priority by using 
policy 

Patent Assignee: GENTY D M (GENT-I); MULLEN S P (MULL-I); VENKATARAMAN G P
(VENK-I)

Inventor: GENTY D M; MULLEN S P; VENKATARAMAN G P 
Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20020078341 A1 20020620 US 2000737042 A 20001214 200266 B
Patent No Kind Lan Pg Main IPC Filing Notes
US 20020078341 A1 10 H04L-009/00

Abstract (Basic): US 20020078341 A1

NOVELTY - Network packets having high priority are transferred over 
a computer network based on a policy, before the packets having low 
priority. A cryptographic process is performed on the network packets 
using the policy. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for network 
packet management system. 

USE - For applying quality of service policies for computer network 
such as virtual private network. 

ADVANTAGE - Allows the QoS and IPsec programs to use the same set
of priority policies to give identical preferential treatment to high
priority network packets and overcomes the bandwidth limitations on the
network. Ensures that the high-priority network packets are not
significantly slowed down during the encryption/decryption process.

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram of
the computer network. 
US 20020129236 A1 H04L-009/00

EP 1378101 A2 E H04L-029/06 Based on patent WO 200254704

Designated States (Regional): AL AT BE CH CY DE DK ES FI FR GB GR IE IT
LI LT LU LV MC MK NL PT RO SE SI TR
AU 2001287958 A1 H04L-029/06 Based on patent WO 200254704

Abstract (Basic): WO 200254704 A2

NOVELTY - The interface between the session initiation protocol 
(SIP) stack and the security manager is called the SIP security 
application interface and provides means to perform all security tasks 
required. The SIP security manager application interface provides means 
for usage of external security services and a SIP security media 
interface provides means for encryption/decryption of the media
stream. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for a SIP 
signaling stack and for a telecommunication system. 

USE - Providing secure voice over Internet protocol terminal.

ADVANTAGE - Providing authentication and security functions at 
lower level. 

DESCRIPTION OF DRAWING(S) - The drawing shows secure SIP protocol
stack architecture.
Abstract (Basic): EP 1191737 A2

NOVELTY - A sub-key skewing module (40) synchronizes the provision 
of each sub-key to its respective data processing module (34) with the 
passage of a data block through the data processing pipeline (32). The 
data block is encrypted or decrypted using sub-keys generated from a 
common primary key. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) Data blocks encryption/decryption method;

(b) Computer program product comprising computer usable
instructions for encrypting or decrypting data blocks

USE - For encrypting data for communication over telephone or 
computer network, also for IPsec protocols, ATM cell encryption, 
secure socket layer protocol and access system for terrestrial 
broadcast.

ADVANTAGE - Increases the processing speed of data encryption/decryption
apparatus. Supports the use of different cipher keys in
consecutive clock cycles and improves the level of security provided by
the apparatus.

DESCRIPTION OF DRAWING(S) - The figure shows a schematic view of a
data encryption apparatus.

Data Processing pipeline (32) 
Data processing module (34) 
Sub-key skewing module (40) 
pp; 18 DwgNo 3/9 

Title Terms: DATA; ENCRYPTION; APPARATUS; PRIVATE; COMMUNICATE; TELEPHONE;
COMPUTER; NETWORK; SYNCHRONISATION; PROVISION; RESPECTIVE; DATA; PROCESS;
MODULE; PASSAGE; DATA; BLOCK; THROUGH; DATA; PROCESS; PIPE
Derwent Class: W01 

International Patent Class (Main): H04L-009/00 ; Hb4L-609/b6 

File Segment: EPI 



27/5/16 (Item 15 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 

(c) 2004 Thomson Derwent. All rts. reserv.

014481960 **Image available** 

WPI Acc No: 2002-302663/200234 

XRPX Acc No: N02-236695 

Packet attributes match searching method for database of security rules, 
involves searching suitable static rule and relevant dynamic security 
rules, and applying matching dynamic rules to packet
Number of Countries: 001 Number of Patents: 001
Patent Family:
US 6347376 B1 20020212 US 99373104 A 19990812 200234 B
Patent Details:
Abstract (Basic): US 6347376 B1

NOVELTY - The static rule having attributes that match the 
corresponding attributes of the packet is searched and tested to find 
if the static rule contains relevant dynamic security rules. If dynamic 
rules exist, security processing is applied to the packet matching the 
dynamic rules. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) Searching tool for matching values of packet attributes and
corresponding attribute values associated to each rule;

(b) Storage medium containing stored executable instructions to
control computer to search for matching values of packet attributes;

(c) Computer data signal containing stored executable instructions
to control computer to search for matching values of packet attributes

USE - For database of security rules stored in computer network. 

ADVANTAGE - Improves the performance of system IPsec rule 
searching. Sets of dynamic rules are partitioned into separate groups 
such that within a group there is no rule order dependence. Thus 
enhances searching. 

DESCRIPTION OF DRAWING(S) - The figure shows the database structure
arrangement.
Security keys management method for WLAN, involves generating IPsec
authentication, encryption and decryption keys using certificates and
private key for packets transferred between mobile terminal and server
Abstract (Basic): EP 1178644 A2

NOVELTY - The certificates obtained from a certificate authority 
and a private key are used with Internet key exchange to generate a 
WLAN link level, and the mobile terminal and the access point are 
mutually authenticated. The keys are used to generate IPsec 
authentication, encryption and decryption keys for data packets 
transferred between the mobile terminal and the server. 

USE - For wireless local area network (WLAN).

ADVANTAGE - The security keys are managed efficiently, preventing 
unauthorized access to the network. 

DESCRIPTION OF DRAWING(S) - The figure shows the flow diagram of
the IP end-to-end security functions and WLAN link level security. 
Abstract (Basic): KR 2001066996 A

NOVELTY - A one chip type IP (Internet Protocol) security
based VPN (Virtual private Network) production method is provided to 
produce the IP security function by an ASIC (Application Specific 
Integrated Circuit) for using variously the functions of the VPN. 

DETAILED DESCRIPTION - The method comprises steps of embedding an 
IP security program, defined by an RFC(Requests For Comments), in an 
ASIC, setting a coding/ decoding algorithm at an external position of 
the ASIC to accept currently used various coding algorithms, and 
producing TCP-IP 10 structure for making an Internet access easy. The 
ASIC device can be directly inserted in internal circuit of a 
conventional computer system or be interfaced with the conventional 
computer system, 
Scheme for determining transport level information in the presence of
unencrypted information normally included in the payload
Abstract (Basic): WO 200147169 A2

NOVELTY - A transport payload data unit (106) and an encapsulated
security payload (ESP) trailer (108) are fully encrypted whereas the
Internet protocol header (102), the ESP header (104) and the ESP
authenticator (110) are not encrypted. Some information related to the
selected information is placed in the security protocol header prior to
security processing of the packet, so that access can be allowed to
selected information by intermediate nodes during transmission of the
packet.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for a method 
of permitting access to selected information in an encrypted packet. 

USE - Determining transport level information in presence of
Internet protocol security encryption.

ADVANTAGE - No compromise of security. 

DESCRIPTION OF DRAWING(S) - The drawing is a schematic diagram of
configuration of an Internet protocol packet

Payload data unit (106)
ESP trailer (108)
Internet protocol header (102)
ESP header (104)
Abstract (Basic): WO 200105087 A2

NOVELTY - The cryptography acceleration chip has a classification 
engine (204) configured to receive a complete IP packet and determines 
what keys are needed to encrypt or decrypt the packet. 

DETAILED DESCRIPTION - The cryptography acceleration chip has a 
classification engine (204) which determines the keys by parsing 
fields in a header of the IP packet to determine a flow to which the 
packet belongs. The flow has one or more associated keys for encrypting
or decrypting the packet. The engine supports all necessary modes for
IPSec security processing. The chip includes internal and external
local memories and hash-based look-up table.

USE - For use in cryptography, also incorporated on network line 
cards or service modules and used in applications as diverse as 
connecting a single computer to WAN, to large corporate networks, to 
networks servicing wide geographic areas. 

ADVANTAGE - Implements IPSec specification at much faster rates 
than are achievable with current chip designs. Has much reduced local 
memory requirements. 

DESCRIPTION OF DRAWING(S) - The figure shows the high level diagram
of cryptography acceleration chip. 
Classification engine (204) 
Cryptography acceleration chip used in network line cards, has
distributor unit and cryptography engines that are configured to perform 
parallel cryptographic processing of packets and to maintain packet flow 
order 
Abstract (Basic): WO 200105086 A2

NOVELTY - The distributor unit (206) receives packets and matching 
classification information of the packets and distributes each packet 
to each of the cryptography processing engines (214). The distributor 
unit and the engines together enables parallel cryptographic processing 
of data packets and also maintains packet flow order. 

DETAILED DESCRIPTION - The distributor unit inputs the packets to
the cryptography engines in round-robin fashion. An order maintenance
retirement unit enables the cryptography engines to process incoming 
packets in out-of-order fashion. INDEPENDENT CLAIMS are also included 
for the following: 

(a) Cryptographic processing accelerating method; 

(b) Network communication device 

USE - Used in network line cards, web switches, routers or service 
modules that connect single computer to WAN, to corporate networks to 
networks servicing wide geographic areas. 

ADVANTAGE - Since the chip includes distributor unit and many 
cryptographic engines, the IPSec specification is implemented at much
faster rate, hence local memory requirements are reduced and need for
attached local memory to store packet data or control parameters is 
avoided. 

DESCRIPTION OF DRAWING(S) - The figure shows the high level block
diagram of cryptography accelerating chip. 
Distributing unit (206) 
Cryptographic engines (214) 
Regulating flow of messages through firewall having network protocol
stack with IP layer - passing decrypted message up network protocol 
stack to application level proxy, and determining authentication protocol 
appropriate for message 
Abstract (Basic): GB 2317792 A

The messages flow regulation involves a firewall (18) having a
network protocol stack which includes an internet protocol layer. If
the message is not encrypted, as determined at the IP layer, it passes
the un-encrypted message up the network protocol stack to an
application level proxy, while if the message is encrypted, it 
decrypts the message and passes the decrypted message up the network 
protocol stack to the application level proxy. 

The decryption involves executing a process at the IP layer to 
decrypt the message, passing the decrypted message up the network 
protocol stack to an application level proxy, determining the 
authentication protocol appropriate for the message, and executing the 
authentication protocol to authenticate the message sender. 



USE - For secure transfer of information between firewalls over 
unprotected network. 

ADVANTAGE - Handles internet protocol security or IPSEC
messages without assuming that encrypted message has access to all
services, by controlling service access to individual services within 
individual network, thus increasing firewall security. 
ABSTRACT: A commentary discusses IP Security (IPSec), a virtual private
network security technology with integrated support for shared secret key
and digital certificate authentication. IPSec also supports encryption with
Data Encryption Standard and Triple-DES. There is no question that IPSec
exceeds the simple authentication and verification of a firewall, providing
vendor-independent encryption.
DESCRIPTORS: Virtual networks; Private networks; Computer security;
CLASSIFICATION CODES: 9190 (CN=United States); 5250 (CN=Telecommunications
systems); 5140 (CN=Security)

...TEXT: traffic, let alone attempt to intercept application commands and
data because all IPSec content is encrypted. 

Allowing IPSec traffic through a firewall would mean punching a gaping 
hole in the firewall to allow passage of any traffic that matched only 
rudimentary frame header information that merely suggested that it was 
legitimate IPSec traffic. This might weaken overall network security 
rather than strengthen it. 



Instead, the strategy many customers have... 
ABSTRACT: Security is often an issue with frame relay because frame relay
switches data over shared lines that are frequently not owned or managed by 
the service provider with whom the customer has contracted. While private 
networks utilizing frame relay may be safer than sending data over an 
insecure network such as the Internet, do not assume that there are not 
risks. When selecting a frame relay service provider, a company should 
discuss physical security issues with all potential vendors. Keep in mind 
that frame relay can use in-band and out-of-band channels. The different 
security features of permanent virtual circuits and switched virtual 
circuits are discussed. 
...TEXT: service providers who can provide end-to-end private network
connectivity; steps need to be taken to encrypt information

Encryption with frame relay is more complicated than with other
protocols, such as IP. Frame relay operates at a lower...

...to-point connections. As a result, if you encrypt the entire frame relay
packet, it must be decrypted by the data link layer recipient to 
determine how to forward the packet. The packet has to be decrypted and 
reencrypted for each point-to-point hop along the data link layer. This 
requires an entire... 
While the resource reservation protocol (RSVP...
... instructions, the new variants are available in signed and unsigned
versions. Signed arithmetic is frequently used when deciphering MPEG "P"
and "B" frames, which encode data as the signed difference between
the current frame and one or two others.
The new instructions all...
MPEG: the gory details. (The Moving Pictures Experts Group standard
defines three types of frame information: intra-coded frame,
Predictive frame and Bidirectional-interpolation)
...companies have now approved a content-protection framework devised by
IBM, Intel, Panasonic and Toshiba that uses encryption to scramble
of copy protection for their discs, ranging from a...
as 13 and 111). See Fig7.
To provide timing information, the CD frames are organised into a
group of 98 frames. The information is encoded in eight channels
corresponding to P, Q, R, S, T, U, V, and W. Currently the P... 
time a retransmit command from the receiving modem controller
reaches the transmitting modem controller, the time to decode the speech
segment containing the error may have already passed. Thus, a special
protocol is required which...

...was in error while continuing to send new frames of the 4,800-bits/s
ASM-CELP encoded speech data. The speech frame containing errors is
used as received; however, it should be pointed out that errors occurring
in the...



Set     Items   Description
S1     813617   ENCRYPT? OR SCRAMBL? OR CIPHER? OR CRYPT? OR CODE? ? OR
                ENCIPHER? OR CODING OR CODED OR ENCOD?
S2      89240   DECRYPT? OR DESCRAMBL? OR DECIPHER? OR DECOD? OR UNSCRAMBL?
                OR UNENCOD? OR UNENCRYPT? OR UNCOD? OR UNCIPHER?
S3      17745   (PACKET ? OR FRAME? OR DATAGRAM? OR BLOCK () DATA) (2N) (DATA
                OR INFORMATION)
S4      50661   S1 (2N) (DATA OR INFORMATION)
S5    2602862   CLASSIF? OR CATEGORIZ? OR CATEGORIS? OR CATALOG? OR GROUP?
S6    2264167   PARAMETER? OR DESCRIPT? () ITEM? OR ATTRIBUT? OR (NAME OR
                STRUCTURE? OR SIZE OR VALUE) (2N) (DATA OR INFORMATION)
S7       1302   IPSEC OR INTERNET () PROTOCOL () SECURITY
S8      56228   (SECONDARY OR FURTHER OR ADDITIONAL OR NEW OR SUPPLEMENT?
                OR MORE OR EXTRA?) (2W) (PLACE? OR POSITION? OR LOCATION? OR
                AREA? OR SPACE?)
S9      30351   (FIRST OR 1ST OR INITIAL OR LEADING OR CARDINAL OR ORIGINAL
                OR PRIMARY) (2W) (PLACE? OR POSITION? OR LOCATION? OR AREA? OR
                SPACE?)
S10       349   S1 (2N) S3
S11         0   S7 AND (S2 (2N) S3)
S12        40   S7 AND S2
S13        23   S7 AND S3
S14         8   S10 AND S7
S15        40   S10 AND S5
S16        85   S10 AND S2
S17        85   S16 AND S3
S18         1   S17 AND S7
S19       101   S12 OR S13 OR S14 OR
S20        55   S19 NOT PY>2001
S21        55   S20 NOT PD?20010130
S22        51   RD (unique items)



File 8:Ei Compendex(R) 1970-2004/Aug W5
(c) 2004 Elsevier Eng. Info. Inc.
File 35:Dissertation Abs Online 1861-2004/Aug
(c) 2004 ProQuest Info&Learning
File 202:Info. Sci. & Tech. Abs. 1966-2004/Jul 12
(c) 2004 EBSCO Publishing
File 65:Inside Conferences 1993-2004/Sep W1
(c) 2004 BLDSC all rts. reserv.
File 2:INSPEC 1969-2004/Aug W5
(c) 2004 Institution of Electrical Engineers
File 256:TecInfoSource 82-2004/Jul
(c) 2004 Info. Sources Inc
File 233:Internet & Personal Comp. Abs. 1981-2003/Sep
(c) 2003 EBSCO Pub.
File 94:JICST-EPlus 1985-2004/Aug W2
(c) 2004 Japan Science and Tech Corp (JST)
File 99:Wilson Appl. Sci & Tech Abs 1983-2004/Jul
(c) 2004 The HW Wilson Co.
File 95:TEME-Technology & Management 1989-2004/Jun W1
(c) 2004 FIZ TECHNIK
File 583:Gale Group Globalbase (TM) 1986-2002/Dec 13
(c) 2002 The Gale Group



22/5/2 (Item 2 from file: 8) 

DIALOG (R) File 8: Ei Compendex(R)

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv.

06013011 E.I. No: EIP02096873388 

Title: Securing IP networking architectures 

Author: Paridaens, Olivier; Gamm, Bernhard; Howard, Brett 

Corporate Source: Alcatel Corp. CTO Net. Strat. Group, Antwerp, Belgium 

Source: Alcatel Telecommunications Review n 2 2001. p 122-128 

Publication Year: 2001 

CODEN: ATREFX ISSN: 1267-7167

Language: English

Document Type: JA; (Journal Article) Treatment: T; (Theoretical)

Journal Announcement: 0203W1

Abstract: Security mechanisms for Internet protocol (IP) networking 
architectures to cope with potential security threats in IP-based 
environments were presented. The security features of IP security service 
such as data integrity check, data authentication, traffic flow 
confidentiality and replay prevention were also discussed. The IP security 
system can be used to secure any type of traffic carried over IP, as it is 
applied at the IP level. (Edited abstract) 

Descriptors: Network protocols; Security of data; Telecommunication
traffic; Packet networks; Data communication systems; Cryptography;
Database systems; Client server computer systems; Algorithms

Identifiers: Internet protocol security; Internet protocol packets

Classification Codes: 

723.2 (Data Processing); 721.1 (Computer Theory (Includes Formal Logic, 
Automata Theory, Switching Theory & Programming Theory)); 723.3 (Database 
Systems); 722.4 (Digital Computers & Systems) 

723 (Computer Software, Data Handling & Applications); 716 (Electronic
Equipment, Radar, Radio & Television); 721 (Computer Circuits & Logic
Elements); 722 (Computer Hardware)

72 (COMPUTERS & DATA PROCESSING); 71 (ELECTRONICS & COMMUNICATION 
ENGINEERING) 



22/5/3 (Item 3 from file: 8) 

DIALOG (R) File 8: Ei Compendex(R)

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv.

05851362 E.I. No: EIP01286573817

Title: Multiple description coding using exact discrete radon transform 

Author: Parrein, B.; Normand, N.; Guedon, J. P.

Corporate Source: IRCCyN UMR 6597 Image Video Communication team EPUN, 
50609-44306 Nantes Cedex 3, France 

Conference Title: Data Compression Conference 

Conference Location: Snowbird, UT, United States Conference Date: 
20010327-20010329 

Sponsor: Brandeis University 
E.I. Conference No.: 58224

Source: Data Compression Conference Proceedings 2001. p 508 

Publication Year: 2001 

CODEN: DDCCF9 ISSN: 1068-0314 

Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical); X;
(Experimental)

Journal Announcement: 0107W2 

Abstract: A balanced multiple description coding is proposed. With a 
complete adequation between projections and packets, this Priority 
Encoding Transmission (PET) system can be used over packet switch data 
networks as the Internet without scalability management. (Edited abstract) 

Descriptors: * Image coding; Mathematical transformations; Computational 
methods; Numerical methods; Color image processing; Encoding (symbols); 
Packet networks; Switching networks; Internet; Management information 
systems; Image compression 

Identifiers: Multiple description coding; Discrete Radon transform;
Layered coding; Numerical shape pixel; Mojette transform; Priority
encoding transmission; Packet switch data network; Joint photographic
experts group; Motion pictures experts group
Classification Codes: 

723.2 (Data Processing); 921.3 (Mathematical Transformations); 921.6
(Numerical Methods); 723.5 (Computer Applications)

723 (Computer Software, Data Handling & Applications); 921 (Applied
Mathematics)

72 (COMPUTERS & DATA PROCESSING); 92 (ENGINEERING MATHEMATICS) 



22/5/4 (Item 4 from file: 8) 

DIALOG (R) File 8: Ei Compendex(R)

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv.

05846001 E.I. No: EIP01276564820

Title: Packet loss resilient, scalable audio compression and streaming 
for IP networks 

Author: Leslie, B.; Sandler, M. 

Conference Title: 2nd International Conference on 3G Mobile Communication 
Technology 

Conference Location: London, United Kingdom Conference Date: 
20010326-20010328 

E.I. Conference No.: 58158 

Source: IEE Conference Publication n 477 2001. p 119-123 

Publication Year: 2001 

CODEN: IECPB4 ISSN: 0537-9989 

Language: English 

Document Type: CA; (Conference Article) Treatment: A; (Applications); T;
(Theoretical); X; (Experimental)
Journal Announcement: 0107W1 

Abstract: Current popular internet audio streaming solutions impose a 
division between source coding (provided, for example, by MPEG Layer III- 
MP3) and channel coding, which is accomplished in the server, typically by 
means of packet retransmission. We present a novel joint source and 
channel coder which provides packet loss recovery and continuous bitrate 
scalability. These functionalities are well suited to streaming audio over 
3rd and future generation wireless broadband networks. 13 Refs.

Descriptors: Mobile telecommunication systems; Network protocols;
Internet; Voice/data communication systems; Packet networks; Signal
encoding; Image compression; Communication channels (information theory);
Wireless telecommunication systems; Broadband networks

Identifiers: Packet loss; Scalable audio compression; Scalable audio 
streaming; Internet protocol; Motion pictures experts group; Source
coding; Channel coding; Third generation networks 

Classification Codes: 

716.1 (Information & Communication Theory); 723.5 (Computer 
Applications); 716.3 (Radio Systems & Equipment); 723.2 (Data Processing) 

716 (Electronic Equipment, Radar, Radio & Television); 723 (Computer
Software, Data Handling & Applications) 

71 (ELECTRONICS & COMMUNICATION ENGINEERING); 72 (COMPUTERS & DATA 
PROCESSING) 



22/5/5 (Item 5 from file: 8) 

DIALOG (R) File 8: Ei Compendex(R)

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv.

05733229 E.I. No: EIP00125435552

Title: Network security (security in large networks) 

Author: Singh, Manjinder; Singh, Sarabjit 
Corporate Source: Panjab Univ, Chandigarh, India 

Conference Title: 25th Annual IEEE Conference on Computer Network (LCN
2000)

Conference Location: Tampa, FL, USA Conference Date: 20001108-20001110
Sponsor: IEEE Computer Society
E.I. Conference No.: 57705

Source: Conference on Local Computer Networks 2000. IEEE, Piscataway, NJ,
USA. p 88-93

Publication Year: 2000 

CODEN: CLCPDN ISSN: 0742-1303 

Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 0101W4 

Abstract: It is common that users or hosts in a large network are 
partitioned and organized as a hierarchical tree where children of the same 
parent from a group. Secure broadcasting intends to provide a secure
communication channel from a sending principal to a group of legal 
receiving principals. Only legal receiving principals can decrypt the 
message, and illegal receiving principals cannot acquire any information 
from the broadcasted message. In this paper, we propose a secure
broadcasting protocol in which only one packet is transmitted for every
broadcast, and the size of the broadcasted packet is small. (Author 
abstract) 10 Refs. 

Descriptors: Computer networks; Security of data; Communication channels
(information theory); Packet switching; Broadcasting; Cryptography;
Network protocols

Identifiers: Network security 
Classification Codes: 

723.2 (Data Processing); 716.1 (Information & Communication Theory) 
716 (Radar, Radio & TV Electronic Equipment); 718 (Telephone & Line 
Communications); 723 (Computer Software) 

71 (ELECTRONICS & COMMUNICATIONS); 72 (COMPUTERS & DATA PROCESSING) 



22/5/6 (Item 6 from file: 8) 

DIALOG (R) File 8 : Ei Compendex(R) 

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv. 

05644709 E.I. No: EIP00095307475 

Title: Uplink packet access control in WCDMA 

Author: Wiberg, Niclas; Gioia, Antonella 

Corporate Source: Ericsson Radio Systems AB, Linkoping, Sweden 
Conference Title: VTC2000: 51st Vehicular Technology Conference 'Shaping 
History Through Mobile Technologies' 

Conference Location: Tokyo, Jpn Conference Date: 19000515-19000518 
E.I. Conference No.: 57188 

Source: IEEE Vehicular Technology Conference v 3 2000. IEEE, Piscataway, 
NJ, USA. p 2203-2206 

Publication Year: 2000 

CODEN: IVTCDZ ISSN: 0740-0551 

Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 0010W2 

Abstract: Three different access control algorithms for uplink packet 
transmission in a WCDMA system are investigated and compared. The first two 
methods, based on the number of channels and on the received interference, 
respectively, have appeared before in the literature. The third method is 
new and operates on cell group level, i.e. it is centralized. The methods 
are compared regarding achieved system throughput and the ability to 
control the uplink interference. The centralized method is found to be 
superior to the other algorithms, and as an added benefit it does not 
require interference measurements. (Author abstract) 4 Refs. 

Descriptors: Cellular radio systems; Telecommunication control; Packet 
switching; Data communication systems; Code division multiple access; 
Radio links; Communication channels (information theory); Radio 
interference; Algorithms; Spurious signal noise 

Identifiers: Uplink packet access control; Interference measurement; 
Uplink interference 

Classification Codes: 

716.3 (Radio Systems & Equipment); 722.3 (Data Communication, Equipment 
& Techniques); 716.1 (Information & Communication Theory) 

716 (Radar, Radio & TV Electronic Equipment); 722 (Computer Hardware) 
71 (ELECTRONICS & COMMUNICATIONS); 72 (COMPUTERS & DATA PROCESSING) 



22/5/16 (Item 16 from file: 8) 

DIALOG (R) File 8 : Ei Compendex(R) 

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv. 

04902266 E.I. No: EIP98013999583 
Title: Bulletproof IP 

Author: Thayer, Rodney 

Corporate Source: Sable Technology Corp, Boston, MA, USA 

Source: Data Communications v 26 n 16 Nov 21 1997. p 54-58, 60 

Publication Year: 1997 

CODEN: DACODM ISSN: 0363-6399 

Language: English 

Document Type: JA; (Journal Article) Treatment: G; (General Review) 
Journal Announcement: 9803W1 

Abstract: The Internet Engineering Task Force is adding some armor for 
the Internet protocol (IP) security. The IPSec suite of security 
protocols makes provisions for authentication and encryption that make the 
data transversing Internet a lot safer. These protocols fall into three 
categories: encapsulating security payload (ESP) and authentication header 
(AH) which define encryption and authentication methods for IP payloads; 
and the IP security association key management protocol (ISAKMP) which 
manages the exchange of secret keys between senders and receivers of ESP or 
AH packets. IPSec's authentication feature guards against attacks launched 
from inside or outside the network while encryption keeps hackers from 
decoding packets as they traverse the link. 

Descriptors: Security of data; Network protocols; Cryptography; Wide area 
networks; Local area networks; Codes (symbols); Packet switching; 
Information services; Data communication systems; Gateways (computer 
networks) 

Identifiers: Internet protocol (IP); Transport control protocol (TCP); 
Encapsulating security payloads (ESP); Authentication headers (AH) 
Classification Codes: 

723.2 (Data Processing); 722.3 (Data Communication, Equipment & 
Techniques); 903.4 (Information Services) 

723 (Computer Software); 722 (Computer Hardware); 716 (Radar, Radio & 
TV Electronic Equipment); 903 (Information Science) 

72 (COMPUTERS & DATA PROCESSING); 71 (ELECTRONICS & COMMUNICATIONS); 90 
(GENERAL ENGINEERING) 



22/5/17 (Item 17 from file: 8) 

DIALOG (R) File 8 : Ei Compendex(R) 

(c) 2004 Elsevier Eng. Info. Inc. All rts. reserv. 

04608567 E.I. No: EIP97013502455 

Title: Segmented image coding with contour simplification for video 
sequences 

Author: Christopoulos, V.A.; Christopoulos, C.A.; Philips, W.; Cornelis, J. 

Corporate Source: Vrije Universiteit Brussel, Brussels, Belgium 
Conference Title: Proceedings of the 1996 IEEE International Conference 
on Image Processing, ICIP'96. Part 1 (of 3) 

Conference Location: Lausanne, Switz Conference Date: 19960916-19960919 
Sponsor: IEEE 

E.I. Conference No.: 45905 

Source: IEEE International Conference on Image Processing v 1 1996. IEEE, 
Los Alamitos, CA, USA, 96CH35919. p 693-696. 

Publication Year: 1996 
CODEN: 85QTAW 
Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 9703W3 

Abstract: In this paper a segmented image coding algorithm for video 
sequences is presented. The first frame in the data is always encoded 
in intraframe mode, while the rest of the frames in the data are 
encoded in interframe mode. The interframe encoding is based on (1) block 
motion vector estimation and coding, (2) segmentation of the prediction 
error image and classification of the regions in foreground/background, 
(3) contour simplification and coding, and (4) texture approximation by a 
linear combination of weakly separable base functions and coefficient 
coding. The contour simplification leads to an average reduction of 30% in 
the number of bits needed for the contour coding, the system can be 
adjusted at different bitrates by parameter tuning, the simulation results 
are of high quality in terms of PSNR and show that our coding approach is 
particularly promising for very low bitrate applications. (Author abstract) 
13 Refs. 

Descriptors: *Image coding; Image segmentation; Algorithms; Error 
compensation; Computer simulation; Signal to noise ratio; Image quality; 
Parameter estimation; Image compression 

Identifiers: Interframe coding; Video sequences contour simplification 

Classification Codes: 

723.2 (Data Processing); 741.1 (Light/Optics); 721.1 (Computer Theory, 
Includes Formal Logic, Automata Theory, Switching Theory, Programming 
Theory); 723.5 (Computer Applications) 

741 (Optics & Optical Devices); 723 (Computer Software); 721 (Computer 
Circuits & Logic Elements) 

74 (OPTICAL TECHNOLOGY); 72 (COMPUTERS & DATA PROCESSING) 



22/5/21 (Item 1 from file: 2) 

DIALOG (R) File 2:INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

7204226 INSPEC Abstract Number: B2002-04-6210L-112, C2002-04-6130S-024 

Title: IPSec/PHIL (packet header information list): design, 
implementation, and evaluation 

Author(s): Chien-Lung Wu; Wu, S.F.; Narayan, R. 

Author Affiliation: North Carolina State Univ., Raleigh, NC, USA 
Conference Title: Proceedings Tenth International Conference on Computer 

Abstract: For most TCP/UDP/IP applications, when a packet or a message 
arrives, usually only the payload portion of the original packet can be 
obtained by the application. For instance, if a packet has been delivered 
through some IPSec (IP security) tunnels along the route path, then the 
application, in general, does not know exactly which tunnels have been used 
to deliver this particular packet. The IPSec/PHIL (packet header 
information list) interface has been designed and implemented such that an 
"authorized" application is able to know which set of IPSec tunnels has 
been used to deliver a particular incoming packet. Furthermore, IPSec/PHIL 
enables controllability over which set of IPSec tunnels is used to 
send a particular outgoing packet. IPSec/PHIL is a key component in the 
Deciduous decentralized source tracing system to correlate the IPSec 
information with intrusion detection results. Other IPSec/PHIL 
applications we have built include a SNMPv3 security module using IPSec 
as well as an IPSec tunnel switching router. (17 Refs) 

decentralized source tracing system; intrusion detection results; SNMPv3 

Abstract: The challenge of accelerating cryptographic functions, such as 
encryption and decryption, at high data rates is no longer limited to 
speeding algorithm processing. Establishing and managing secure sessions, 
either using SSL or IPSec, requires complex handshaking that is 
processor-intensive. At higher data rates, there comes a point when a 
server can no longer feed an accelerator because the server's ability to 
process packets becomes the bottleneck. To achieve higher performance, 
accelerators have to offload more than just the encryption algorithms. 
Managing SSL and IPSec - that is, getting data out of the packet, then 
putting it back in - has become a larger part of the security problem. The 
trick is designing a system in which you eliminate bottlenecks, not just 
move them. (0 Refs) 

GRADE: Product Analysis, No Rating 

Cryptography ensures private data transmission over public networks. In a 
public key encryption system, messages are encrypted with publicly 
available keys, but decryption requires a unique secret key held by the 
intended recipient. Public-key cryptography was invented by the founders of 
RSA Security, and early users were AT&T, Lotus Development, Microsoft, and 
WordPerfect, which used the technology to add security to their 
applications. For Internet transmission, public key encryption is widely 
used. Multiple agencies process distribution of key pairs. Standards such 
as IPSec create a relatively interoperable environment for security 
implementation. However, the U.S. government has effectively restricted 
broad-based adoption of public key infrastructure (PKI), since the U.S. has 
limited the length of encryption keys, although the most difficult-to-crack 
messages have the longest encryption keys. Because the Internet requires 
the ability to deploy encrypted messages to and from all connected 
desktops, Secure Sockets Layer (SSL) was developed as a simple, scalable 
solution that uses a unique cryptographic key for each session. In the mid 
1990s, virtual private networks (VPNs), which encrypt all data sent between 
hosts or networks, emerged to provide secure transmission 

Virtual private networks (VPNs) transport packets for your network 
connection that are packaged as data on the Internet, transported to 
the network to which you want to connect, and opened up and released onto 
that network once again as real packets. Network data is encrypted before 
it is sent over the Internet and decrypted at the receiving end. Remote 
access VPN technology is older than VPN technology in which complete LANs 
are connected via the Internet. The latter method is effective for 
providing business partners with restricted access to a company network and 
to connect branch offices via the network, instead of through high-cost 
leased lines. For instance, DST Innovis specializes in emerging markets, 
for which DST Innovis provides data center and networking services. 
Microsoft and 3Com support Point-to-Point Tunneling Protocol (PPTP), a 
standard method for tunneling one protocol inside another. Microsoft 
provides free clients for Windows95 and Windows NT 4 Workstation, and 
server components in Windows NT 4 Server. A large third-party VPN market 
currently thrives, however, and Microsoft and Cisco Systems recently 
developed Layer 2 Tunneling Protocol (L2TP), which is the next generation 
of PPTP. Microsoft supports L2TP and IPSec in Windows 2000; IPSec is 
becoming the standard for VPNs and is supported in most up-to-date 
products. Firewall and encryption card vendors, including Check Point and 
IRE, also provide VPNs. 

Although the IPSec protocol is good protection, it is not perfect because 
it does not scale effectively beyond virtual private networks (VPNs) to the 
enterprise. IPSec uses the Internet Key Exchange Protocol, which deploys 
unique keys to manage each node in the network. Therefore, the number of 
keys required increases almost out of control as new nodes are added, which 
exponentially increases management workload. Lack of interoperability among 
various vendors' products is also an issue, and IPSec can clog encrypted 
network traffic unacceptably. However, IPSec is supported by most larger 
vendors. Public key infrastructure (PKI) is an emerging and developing set 
of standards for encryption, authentication, and validation of network 
transactions through use of digital certificates and certification 
authorities. The government is directly engaged in testing and use of PKI 
technology in the Healthcare Internet Interoperability Pilot, which 
authenticates users and tracks support and expenditures for 500,000 people 
at hospitals, government agencies, and insurance companies. The Fed also 
has its own PKI pilot program, the Federal Public-Key Infrastructure 
Project. With PKI, users get two separate keys (public and private). 
Message senders use the recipient's public key, which is like an address; 
the receiver decrypts with the private key. PKI can be costly and 
difficult to deploy and requires a central directory for storage of digital 
certificates and other data. 

A discussion is provided of distribution, installation, and maintenance of 
virtual private network (VPN) clients. For some VPNs, thousands of users 
have to be supplied with clients, which can be a daunting task, since the 
number of end-users linked is directly proportional to the amount of remote 
client software required. VPN vendors are tackling the problem. For 
instance, many make clients available as Web downloads, and include wizards 
that guide end-users through installation and also update software as users 
log on to a corporate network. Increasing numbers of companies have begun 
to use VPNs, which use the Internet as a WAN connection for remote access. 
The most straightforward client available is one already distributed with 
OSs used by the remote PCs. For instance, Windows 9x/NT all support VPN 
tunneling technology based on Point to Point Tunneling Protocol (PPTP). 
However, for users who are not satisfied with the security provided by 
PPTP, IP Security (IPSec) is a more stringent standard for authorization 
and encryption over VPNs. If IPSec is used, separate clients are 
required, and VPN software is distributed to client machines via disk, 
e-mail, or a Web download. Desktop users then retrieve the client from a 
corporate intranet Web server. Users also must register their encryption 
schemes to allow coded messages to be decoded by corporate servers. 

Network Associates' PGP Data Security Suite 6.5.1, a full-functioned 
enterprise security product, gets excellent marks overall, especially for 
usability, capability, and performance; interoperability and manageability 
are rated good. Significant advantages include the ability to support most 
e-mail clients and mail systems; e-mail, network, and file/volume 
encryption with IKE and IPSec support; integration with X.509-enabled 
PKIs; a decentralized PGP infrastructure; and inclusion of a command-line 
client and e-mail policy manager. However, client implementation and policy 
updating abilities should be strengthened, and no monitoring of virtual 
private network (VPN) clients is provided, nor are mail client and 
Secure/Multipurpose Internet Mail Extensions (S/MIME) application support 
for Netscape and GroupWise. As shipped, PGP Data Security supports the 
Notes mail client and tools for sending encrypted files to non-PGP users; 
the latter must only enter a password to decrypt a file. PGP Data 
Security is highly scalable, and is therefore suitable for small sites with 
peer-to-peer configurations and large organizations that use public key 
infrastructure servers. An important benefit of PGP Data Security is its 
automated encryption for everyday tasks, which eliminates the added 
workload for administrators and users imposed by many other encryption and 
message authentication methods. 

A discussion of the balance between performance and adequate network 
security in virtual private networks (VPNs) explains that the conventional 
wisdom, which dictates a sacrifice in speed in favor of encryption, may be 
wrong. The Internet Protocol Security (IPSec) standard under 
development by the Internet Engineering Task Force (IETF) is becoming more 
stable, and can increase the performance of commercial VPN products. One of 
the factors that slows VPN performance is encryption, which requires 
resource-hungry encoding/decoding of data. To address the issue, vendors 
are providing a new type of VPN product that is not so focused on pushing 
data-encrypted packets through a network as speedily as possible. Server 
products from Altiga Networks and Compatible Systems process thousands of 
concurrent users on high-bandwidth connections, while clients from 3Com and 
RedCreek Communications add encryption acceleration functions to client 
computers to ensure consistent performance over the VPN path. Component 
developers, including Analog Devices and Hi/fn, are developing faster, 
customized chips that handle IPSec encryption where needed. A trend 
toward inclusion of VPN features into networking equipment by Cisco Systems 
and Nortel will involve embedded support for hardware acceleration of 
encrypted traffic on IP routers. 

Presents guidelines on using the encrypting file system (EFS) module in 
the Windows 2000 operating system from Microsoft Corp. Enumerates the 
significant security features in Windows 2000: use of Kerberos to replace 
the easily-cracked LAN Manager encryption and authentication scheme, 
support for the industry standard IP Security (IPSec) virtual private 
network (VPN) protocols, and EFS. Indicates that all the features interact 
with Active Directory and the Windows 2000 public key infrastructure (PKI). 
Says that transparency, security, and recovery are three primary advantages 
of EFS. Mentions, however, that disadvantages are single-user access, heavy 
compute load on server, and reliance on user passwords. Details six EFS 
best practices, including ensuring that all files are recovered or 
decrypted before destroying recovery certificates. Includes two sidebars 
and a photo. (MEM) 

ABSTRACT: We installed Linux and FreeS/WAN on a PC/AT compatible machine to 
make an IPSec router. We measured the time of ping/ftp, only in the 
university, between the university and the external network. Between 
the university and the external network (the Internet), there were no 
differences. Therefore, we concluded that CPU load was not remarkable 
at low speed networks, because packets exchanged via the Internet are 
small, or compressions of VPN are more effective than encoding and 
decoding. On the other hand, in the university, the IPSec router 
performed down about 20-30% compared with normal IP communication, but 
this is not a serious problem for practical use. Recently, VPN machines 
are becoming cheaper, but they do not function sufficiently to create a 
fundamental VPN environment. Therefore, if one wants a fundamental VPN 
environment at a low cost, we believe you should select a VPN router on 
Linux. (author abst.) 

Performance impact of data compression on virtual private network 
transactions 

Document type: Conference paper Language: English 

ABSTRACT: 

Virtual private networks (VPNs) allow two or more parties to communicate 
securely over a public network. Using cryptographic algorithms and 
protocols, VPNs provide security services such as confidentiality, host 
authentication and data integrity. The computation required to provide 
adequate security, however, can significantly degrade the performance. We 
characterize the extent to which data compression can alleviate this 
performance problem in a VPN implemented with the IP Security Protocol 
(IPsec). We use a system model for IPsec transactions to derive an 
inequality that specifies the conditions required for data compression to 
improve performance. We generate performance results for many combinations 
of network types, data types, packet sizes, and encryption, authentication 
and compression algorithms. We find that compression usually improves the 
performance when using 10 Mbps or slower networks, but compression only 
improves the performance in systems with 100 Mbps or 1 Gbps networks when 
using computationally intensive encryption algorithms. 

ABSTRACT: 

For companies to be able to transmit business-critical data securely, a 
standardized and secure extension of the Internet Protocol (IP) is needed. 
The Internet Engineering Task Force (IETF) has therefore adopted IPsec, as 
part of a compendium of guidelines. IPsec secures transmission via TCP/IP 
at the network layer (layer 3). Through transformation by 'Authentication 
Header', IPsec ensures that an accepted data packet comes from the correct 
sender. Transformation by Encapsulation Security Payload encrypts a data 
packet. IPsec implementations must apply, among others, the algorithms MD5, 
DES and Secure Hash Algorithm. Before exchanging data, the network nodes 
agree on encryption and its algorithms, integrity and authentication. A 
data structure called a Security Association (SA) specifies how a data 
packet is transformed. The SA is identified by a 32-bit number (SPI) and 
identifiers for sender and receiver. SAs are created, negotiated, modified 
and deleted with the Internet Key Exchange (IKE) protocol. In the first 
phase, an SA for transmission according to the Internet Security 
Association and Key Management Protocol (ISAKMP) is created once in 
advance, then in a second stage the SAs for IPsec. To reduce the risk that 
a server is paralyzed by resource-consuming attacks, the standard SSH IPsec 
Express specifies how faulty data packets are filtered out quickly. IPsec 
is supported by many IT vendors. 

ABSTRACT: 

We have developed an error-resilient transmission technique, called 
priority protection, that offers a different level of protection to each 
segment of an incoming data stream according to its importance. Even though 
a certain group of ATM cells are lost during transmission, the original 
data segment can be fully reconstructed with the protection scheme. The 
length of each data portion and its level of protection are user-definable 
in the developed simulator. We have tested the proposed scheme with a 
sequence of wavelet transformed images, as a wavelet transformed image 
consists of a number of subbands, of which each can be classified into a 
different priority level. This paper describes what the proposed scheme, 
priority protection, is, and how well a wavelet transformed image is 
protected with the scheme at a certain cell loss rate. 

ABSTRACT: 

Future broadband integrated services networks based on the asynchronous 
transfer mode (ATM) technology are expected to carry information from a 
large variety of different services and applications. This paper 
investigates video aggregation, a concept that integrates compression and 
statistical multiplexing of video information for transport over a 
communication network. We focus on the transmission of a group of video 
sessions as a bundle, the practical examples of which include 
entertainment-video broadcast and video-on-demand (VoD). In this situation, 
the advantage of constant bit-rate (CBR) transport (which facilitates 
simple network management and operation) and the advantage of variable 
bit-rate (VBR) video compression (which yields smoother image quality) can 
be achieved simultaneously. We show that it is better to integrate 
compression and statistical multiplexing before the bundle of video traffic 
enters the network than performing them as independent processes. We 
present experimental results which indicate the advantages of video 
aggregation in terms of superior image quality and efficient bandwidth 
usage. 

ABSTRACT: 

This paper describes why encryption was selected by Lockheed Martin 
Missiles & Space as the means for securing ATM (Asynchronous Transfer Mode) 
networks. The ATM encryption testing program is part of an ATM network 
trial provided by Pacific Bell under the California Research Education 
Network (CalREN). The problem being addressed is the threat to data 
security which results when changing from a packet switched network 
infrastructure to a circuit switched ATM network backbone. As organizations 
move to high-speed cell-based networks, there is a breakdown in the 
traditional security model which is designed to protect packet switched 
data networks from external attacks. This is due to the fact that most data 
security firewalls filter IP (Internet Protocol) packets, restricting 
inbound and outbound protocols, e.g. ftp. ATM networks, based on 
cell-switching over virtual circuits, do not support this method for 
restricting access since the protocol information is not carried by each 
cell. ATM switches set up multiple virtual connections, thus there is no 
longer a single point of entry into the internal network. The problem is 
further complicated by the fact that ATM networks support high-speed 
multimedia applications, including real-time video and video 
teleconferencing which are incompatible with packet switched networks. The 
ability to restrict access to Lockheed Martin networks in support of both 
unclassified and classified communications is required before ATM network 
technology can be fully deployed. The Lockheed Martin CalREN ATM testbed 
provides the opportunity to test ATM encryption prototypes with actual 
applications to assess the viability of ATM encryption methodologies prior 
to installing large-scale ATM networks. 

ABSTRACT: 

The paper presents the theory and practice of permutation coding as a new 
tool for very low-bit-rate image compression. Conventional source coding 
deals with the data information of signals, while the permutation coding 
achieves compression through efficiently representing the positional 
information (i.e., position permutation) caused by ordering the data 
information into order statistics. A set of four theorems is presented. The 
first one reveals the information-theoretic relationship between data and 
permutation information and the rest solve the efficient coding problem. 
For this, novel tools from finite group theory are applied to derive a 
compact form of representation for permutation, called 
permutation-cyclic-representation (PCR)-vectors, with which various 
regularities and constraints in the structure of positional information are 
displayed, whereby the coding is made very easy using a runlength and 
Huffman method. A block DCT-based permutation coding algorithm (the BCPC) 
is developed attempting to combine DCT's excellent features of energy 
packing and magnitude ordering that are found to be amenable to the 
permutation coding. This mutually beneficial characteristic significantly 
reduces the coding bit-rate. Simulation results are provided for real 
images, showing an improvement by 3-4 dB in the peak-SNR index as compared 
to those representing the state-of-the-art. 